Windows Security Center
Encyclopedia
The Windows Action Center (previously known as Windows Security Center) is a component included with Microsoft
's Windows XP
(beginning with Service Pack 2), Windows Vista
and Windows 7 operating system
s that provides users with the ability to view the status of computer security
settings and services. Windows Action Center also continually monitors these security settings, and informs the user via a pop-up notification balloon if there is a problem. It is renamed to Action Center in Windows 7, where it covers maintenance as well as security.
, a Windows Service
, and an application programming interface
that is provided by Windows Management Instrumentation
.
The control panel divides the monitored security settings into categories, the headings of which are displayed with a background color of light blue (green in Vista), yellow, or red. A category with a blue or green background indicates that the settings in the category are "healthy". A yellow background typically indicates that some or all of the settings in that category are not being monitored. A red background indicates that there is a problem that can expose the user's computer to problems.
The current state of these settings is determined by the Windows Service. This service, named "Security Center", is started automatically when the computer starts, and takes responsibility for continually monitoring the system for changes, and also informs the user via a pop-up notification balloon if there is a problem. The settings are made available to the system through a Windows Management Instrumentation
provider.
The primary interface which third-party anti-virus, anti-malware and firewall software vendors use to register with Windows Action Center is through the WMI provider. In Windows Vista, some Windows API
calls were added to let applications retrieve the aggregate health status of Windows Action Center, and to receive notifications when the health status changes. Microsoft has offered suggestions that these new calls could be used by any application that wants to confirm that the system is in a healthy state before engaging in certain actions. An example they give is that a computer game could ensure that a firewall is running before connecting to a multi-player online game.
that would provide a consolidated view of the most important security features. Service Pack 2, released in August 2004, includes the first version of Security Center. This initial version provides monitoring of Windows Update
, Windows Firewall
, and the availability of an anti-virus software package. Third-party providers of firewall and anti-virus software packages were encouraged to make use of the Windows Action Center application programming interface
to ensure that their software would be recognized.
adds anti-malware
software detection, monitoring of User Account Control
, and monitoring of several Internet Explorer
security settings. Windows Defender
, Microsoft's anti-malware product, is included with Windows Vista by default, which Windows Action Center will monitor; a third-party anti-malware product can replace this. Another feature of the Windows Vista version is that it includes the ability to display logos of third-party products that have been registered with the Security Center.
Unlike Windows XP, in the beta versions of Windows Vista the Windows Action Center could not be disabled or overridden. Security software maker Symantec
spoke out against this, noting that it would cause a great deal of consumer confusion because any security problems would be reported by both Windows Action Center and Symantec's tools at the same time. McAfee
, another large security software vendor, lodged similar complaints, and in the end Microsoft allowed Windows Security Center to be disabled in the release version of Vista.
published an article in their Security Watch newsletter titled "Windows XP SP2 Security Center Spoofing Threat" which outlined a design vulnerability which could allow a malware to manipulate Security Center into displaying the fake security status that it desires, regardless of the true security status. To do so, the malware requires Administrative privileges
.
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
's Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
(beginning with Service Pack 2), Windows Vista
Windows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
and Windows 7 operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s that provides users with the ability to view the status of computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
settings and services. Windows Action Center also continually monitors these security settings, and informs the user via a pop-up notification balloon if there is a problem. It is renamed to Action Center in Windows 7, where it covers maintenance as well as security.
Overview
The Windows Action Center consists of three major components: A control panelControl Panel (Windows)
The Control Panel is a part of the Microsoft Windows graphical user interface which allows users to view and manipulate basic system settings and controls via applets, such as adding hardware, adding and removing software, controlling user accounts, and changing accessibility options...
, a Windows Service
Windows Service
On Microsoft Windows operating systems, a Windows service is a long-running executable that performs specific functions and which is designed not to require user intervention. Windows services can be configured to start when the operating system is booted and run in the background as long as...
, and an application programming interface
Application programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...
that is provided by Windows Management Instrumentation
Windows Management Instrumentation
Windows Management Instrumentation is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification...
.
The control panel divides the monitored security settings into categories, the headings of which are displayed with a background color of light blue (green in Vista), yellow, or red. A category with a blue or green background indicates that the settings in the category are "healthy". A yellow background typically indicates that some or all of the settings in that category are not being monitored. A red background indicates that there is a problem that can expose the user's computer to problems.
The current state of these settings is determined by the Windows Service. This service, named "Security Center", is started automatically when the computer starts, and takes responsibility for continually monitoring the system for changes, and also informs the user via a pop-up notification balloon if there is a problem. The settings are made available to the system through a Windows Management Instrumentation
Windows Management Instrumentation
Windows Management Instrumentation is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification...
provider.
The primary interface which third-party anti-virus, anti-malware and firewall software vendors use to register with Windows Action Center is through the WMI provider. In Windows Vista, some Windows API
Windows API
The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces available in the Microsoft Windows operating systems. It was formerly called the Win32 API; however, the name "Windows API" more accurately reflects its roots in 16-bit Windows and its support on...
calls were added to let applications retrieve the aggregate health status of Windows Action Center, and to receive notifications when the health status changes. Microsoft has offered suggestions that these new calls could be used by any application that wants to confirm that the system is in a healthy state before engaging in certain actions. An example they give is that a computer game could ensure that a firewall is running before connecting to a multi-player online game.
Windows XP SP2
Microsoft learned from discussions with customers that there was confusion as to whether users were taking appropriate steps to protect their systems, or if the steps they were taking were effective. From this research, Microsoft made the decision to include a visible control panel with Windows XP Service Pack 2Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
that would provide a consolidated view of the most important security features. Service Pack 2, released in August 2004, includes the first version of Security Center. This initial version provides monitoring of Windows Update
Windows Update
Windows Update is a service provided by Microsoft that provides updates for the Microsoft Windows operating system and its installed components, including Internet Explorer...
, Windows Firewall
Windows Firewall
Windows Firewall is a software component of Microsoft Windows that provides firewalling and packet filtering functions. It was first included in Windows XP and Windows Server 2003...
, and the availability of an anti-virus software package. Third-party providers of firewall and anti-virus software packages were encouraged to make use of the Windows Action Center application programming interface
Application programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...
to ensure that their software would be recognized.
Windows Vista
Windows VistaWindows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
adds anti-malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
software detection, monitoring of User Account Control
User Account Control
User Account Control is a technology and security infrastructure introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in Windows 7 and Windows Server 2008 R2...
, and monitoring of several Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...
security settings. Windows Defender
Windows Defender
Windows Defender, formerly known as Microsoft AntiSpyware, is a software product from Microsoft to prevent, remove, and quarantine spyware in Microsoft Windows...
, Microsoft's anti-malware product, is included with Windows Vista by default, which Windows Action Center will monitor; a third-party anti-malware product can replace this. Another feature of the Windows Vista version is that it includes the ability to display logos of third-party products that have been registered with the Security Center.
Unlike Windows XP, in the beta versions of Windows Vista the Windows Action Center could not be disabled or overridden. Security software maker Symantec
Symantec
Symantec Corporation is the largest maker of security software for computers. The company is headquartered in Mountain View, California, and is a Fortune 500 company and a member of the S&P 500 stock market index.-History:...
spoke out against this, noting that it would cause a great deal of consumer confusion because any security problems would be reported by both Windows Action Center and Symantec's tools at the same time. McAfee
McAfee
McAfee, Inc. is a computer security company headquartered in Santa Clara, California, USA. It markets software and services to home users, businesses and the public sector. On August 19, 2010, electronics company Intel agreed to purchase McAfee for $7.68 billion...
, another large security software vendor, lodged similar complaints, and in the end Microsoft allowed Windows Security Center to be disabled in the release version of Vista.
Windows 7
In Windows 7, the Windows Action Center has been renamed the Action Center (Windows Solution Center and Windows Health Center in earlier builds) and encompasses both security and maintenance of the computer. Yellow indicates that there is a message that requires attention. Red indicates that there is an important message for the user to solve.PC Magazine criticism
On , PC MagazinePC Magazine
PC Magazine is a computer magazine published by Ziff Davis Publishing Holdings Inc. A print edition was published from 1982 to January 2009...
published an article in their Security Watch newsletter titled "Windows XP SP2 Security Center Spoofing Threat" which outlined a design vulnerability which could allow a malware to manipulate Security Center into displaying the fake security status that it desires, regardless of the true security status. To do so, the malware requires Administrative privileges
System administrator
A system administrator, IT systems administrator, systems administrator, or sysadmin is a person employed to maintain and operate a computer system and/or network...
.